Yeah, I feel your pain. I'm dealing with a related issue at the moment getting clarification on whether a Netopia SDSL router will, or will not, form a peer IPSEC/3DES tunnel with a Cisco router. I haven't had a chance to test yet, but I'm hearing mixed answers. It just seems to me that if an IPSEC implementation claims to be fully compliant with standards, it really should be fully compliant.
At 12:24 AM 4/26/2002 -0400, you wrote: >if you have any luck finding such an animal, let me know. I have clients who >would like to do this ( against my advice ) > >seriously, one of the knocks on ALL IPSec implementations, be they router, >firewall, or client, is that there are interoperability problems with all of >them. > >In general, the IRE client is the root of all matter. But there is no >guarantee that any two IPSec devices will connect. Some of the vendors will >make great efforts to assure that their products are compatible with a >chosen few - usually Cisco. I don't know the current thinking at Nortel, but >as short as a year ago, Nortel SE's I knew were saying their client worked >only with Nortel VPN boxes. Netscreen claims their VPN boxes and client will >work with Netscreen and Cisco. I have not had the opportunity to test this. > >Good luck. > >Chuck > >""Craig Columbus"" wrote in message >[EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > Thanks for the responses. > > > > I'm aware of split tunneling with a concentrator. That's not what I want. > > I'm looking for something that lets me connect to any IPSEC compliant > > endpoint, whether it's a PIX, a router, or a Linux box. In other words, > > the client shouldn't care what it's connecting to. It should only care > > whether the traffic has a destination within the remote network or not. >If > > so, send through tunnel, if not, send to Internet. > > > > Hope this helps clarify. > > > > Thanks! > > Craig > > > > At 07:39 PM 4/25/2002 -0400, you wrote: > > >You can definitely do this using the Cisco VPN client. This is a policy >push > > >from the concentrator. If you would like split-tunneling you need to >enable > > >that on the concentrator to allow the clients to do that. > > > > > > >http://www.cisco.com/univercd/cc/td/doc/product/vpn/client/rel3_5_1/admin_g >d > > >/vca.pdf > > > > > >Tim > > >CCIE 9015 > > > > > > > > >-----Original Message----- > > >From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > > >Craig Columbus > > >Sent: Thursday, April 25, 2002 6:25 PM > > >To: [EMAIL PROTECTED] > > >Subject: Alternatives to Cisco VPN client [7:42604] > > > > > > > > >Let me preface this by saying that all of my VPN experience has been >either > > >peer-peer or client to peer with the Cisco VPN client 1.x or 3.x. Please > > >ignore my ignorance if I've missed something obvious. > > > > > >I've got a major complaint with the Cisco VPN client. It's not smart > > >enough to differentiate local traffic/Internet traffic from VPN > > >traffic. Therefore, you can't browse the Internet and your VPN network >at > > >the same time. > > >I'm looking for alternative software clients that are smart enough to say > > >"Ok. Any traffic destined for 10.x.x.x (or whatever you define VPN >traffic > > >to be) goes to the tunnel. If the traffic has any destination other than > > >10.x.x.x, it's treated as if the tunnel weren't even present." This >would > > >allow my client machine to easily browse the Internet and the VPN remote > > >network at the same time. > > >I've done some preliminary searches for third-party clients, but don't >want > > >to waste time trying 50 clients that may not be any good. I've found >some > > >for Mac OS X that'll do what I want, but I haven't found one for Win > > >9x/ME/NT/2K/XP. > > >There's got to be a decent client that does this. > > >Sorry for rambling.... :-) It's been a long day. > > > > > >As usual, thanks in advance to everyone. > > > > > >Craig Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=42633&t=42604 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
